async def receive_handshake(self, reader: asyncio.StreamReader,
writer: asyncio.StreamWriter) -> None:
# Use reader to read the auth_init msg until EOF
msg = await reader.read(ENCRYPTED_AUTH_MSG_LEN)
# Use HandshakeResponder.decode_authentication(auth_init_message) on auth init msg
try:
ephem_pubkey, initiator_nonce, initiator_pubkey = decode_authentication(
msg, self.privkey)
# Try to decode as EIP8
except DecryptionError:
msg_size = big_endian_to_int(msg[:2])
remaining_bytes = msg_size - ENCRYPTED_AUTH_MSG_LEN + 2
msg += await reader.read(remaining_bytes)
ephem_pubkey, initiator_nonce, initiator_pubkey = decode_authentication(
msg, self.privkey)
# Get remote's address: IPv4 or IPv6
ip, port, *_ = writer.get_extra_info("peername")
remote_address = Address(ip, port)
# Create `HandshakeResponder(remote: kademlia.Node, privkey: datatypes.PrivateKey)` instance
initiator_remote = Node(initiator_pubkey, remote_address)
responder = HandshakeResponder(initiator_remote, self.privkey)
# Call `HandshakeResponder.create_auth_ack_message(nonce: bytes)` to create the reply
responder_nonce = secrets.token_bytes(HASH_LEN)
auth_ack_msg = responder.create_auth_ack_message(nonce=responder_nonce)
auth_ack_ciphertext = responder.encrypt_auth_ack_message(auth_ack_msg)
# Use the `writer` to send the reply to the remote
writer.write(auth_ack_ciphertext)
await writer.drain()
# Call `HandshakeResponder.derive_shared_secrets()` and use return values to create `Peer`
aes_secret, mac_secret, egress_mac, ingress_mac = responder.derive_secrets(
initiator_nonce=initiator_nonce,
responder_nonce=responder_nonce,
remote_ephemeral_pubkey=ephem_pubkey,
auth_init_ciphertext=msg,
auth_ack_ciphertext=auth_ack_ciphertext)
# Create and register peer in peer_pool
eth_peer = ETHPeer(remote=initiator_remote,
privkey=self.privkey,
reader=reader,
writer=writer,
aes_secret=aes_secret,
mac_secret=mac_secret,
egress_mac=egress_mac,
ingress_mac=ingress_mac,
chaindb=self.chaindb,
network_id=self.network_id)
self.peer_pool.add_peer(eth_peer)
async def receive_connection(cls, reader: asyncio.StreamReader,
writer: asyncio.StreamWriter,
private_key: datatypes.PrivateKey,
token: CancelToken) -> TransportAPI:
try:
msg = await token.cancellable_wait(
reader.readexactly(ENCRYPTED_AUTH_MSG_LEN),
timeout=REPLY_TIMEOUT,
)
except asyncio.IncompleteReadError as err:
raise HandshakeFailure from err
try:
ephem_pubkey, initiator_nonce, initiator_pubkey = decode_authentication(
msg,
private_key,
)
except DecryptionError as non_eip8_err:
# Try to decode as EIP8
msg_size = big_endian_to_int(msg[:2])
remaining_bytes = msg_size - ENCRYPTED_AUTH_MSG_LEN + 2
try:
msg += await token.cancellable_wait(
reader.readexactly(remaining_bytes),
timeout=REPLY_TIMEOUT,
)
except asyncio.IncompleteReadError as err:
raise HandshakeFailure from err
try:
ephem_pubkey, initiator_nonce, initiator_pubkey = decode_authentication(
msg,
private_key,
)
except DecryptionError as eip8_err:
raise HandshakeFailure(
f"Failed to decrypt both EIP8 handshake: {eip8_err} and "
f"non-EIP8 handshake: {non_eip8_err}")
else:
got_eip8 = True
else:
got_eip8 = False
peername = writer.get_extra_info("peername")
if peername is None:
socket = writer.get_extra_info("socket")
sockname = writer.get_extra_info("sockname")
raise HandshakeFailure(
"Received incoming connection with no remote information:"
f"socket={repr(socket)} sockname={sockname}")
ip, socket, *_ = peername
remote_address = Address(ip, socket)
cls.logger.debug("Receiving handshake from %s", remote_address)
initiator_remote = Node(initiator_pubkey, remote_address)
responder = HandshakeResponder(initiator_remote, private_key, got_eip8,
token)
responder_nonce = secrets.token_bytes(HASH_LEN)
auth_ack_msg = responder.create_auth_ack_message(responder_nonce)
auth_ack_ciphertext = responder.encrypt_auth_ack_message(auth_ack_msg)
# Use the `writer` to send the reply to the remote
writer.write(auth_ack_ciphertext)
await token.cancellable_wait(writer.drain())
# Call `HandshakeResponder.derive_shared_secrets()` and use return values to create `Peer`
aes_secret, mac_secret, egress_mac, ingress_mac = responder.derive_secrets(
initiator_nonce=initiator_nonce,
responder_nonce=responder_nonce,
remote_ephemeral_pubkey=ephem_pubkey,
auth_init_ciphertext=msg,
auth_ack_ciphertext=auth_ack_ciphertext)
transport = cls(
remote=initiator_remote,
private_key=private_key,
reader=reader,
writer=writer,
aes_secret=aes_secret,
mac_secret=mac_secret,
egress_mac=egress_mac,
ingress_mac=ingress_mac,
)
return transport
async def _receive_handshake(self, reader: asyncio.StreamReader,
writer: asyncio.StreamWriter) -> None:
msg = await self.wait(reader.read(ENCRYPTED_AUTH_MSG_LEN),
timeout=REPLY_TIMEOUT)
ip, socket, *_ = writer.get_extra_info("peername")
remote_address = Address(ip, socket)
self.logger.debug("Receiving handshake from %s", remote_address)
got_eip8 = False
try:
ephem_pubkey, initiator_nonce, initiator_pubkey = decode_authentication(
msg, self.privkey)
except DecryptionError:
# Try to decode as EIP8
got_eip8 = True
msg_size = big_endian_to_int(msg[:2])
remaining_bytes = msg_size - ENCRYPTED_AUTH_MSG_LEN + 2
msg += await self.wait(reader.read(remaining_bytes),
timeout=REPLY_TIMEOUT)
try:
ephem_pubkey, initiator_nonce, initiator_pubkey = decode_authentication(
msg, self.privkey)
except DecryptionError as e:
self.logger.debug("Failed to decrypt handshake: %s", e)
return
initiator_remote = Node(initiator_pubkey, remote_address)
responder = HandshakeResponder(initiator_remote, self.privkey,
got_eip8, self.cancel_token)
responder_nonce = secrets.token_bytes(HASH_LEN)
auth_ack_msg = responder.create_auth_ack_message(responder_nonce)
auth_ack_ciphertext = responder.encrypt_auth_ack_message(auth_ack_msg)
# Use the `writer` to send the reply to the remote
writer.write(auth_ack_ciphertext)
await self.wait(writer.drain())
# Call `HandshakeResponder.derive_shared_secrets()` and use return values to create `Peer`
aes_secret, mac_secret, egress_mac, ingress_mac = responder.derive_secrets(
initiator_nonce=initiator_nonce,
responder_nonce=responder_nonce,
remote_ephemeral_pubkey=ephem_pubkey,
auth_init_ciphertext=msg,
auth_ack_ciphertext=auth_ack_ciphertext)
# Create and register peer in peer_pool
peer = self.peer_class(
remote=initiator_remote,
privkey=self.privkey,
reader=reader,
writer=writer,
aes_secret=aes_secret,
mac_secret=mac_secret,
egress_mac=egress_mac,
ingress_mac=ingress_mac,
headerdb=self.headerdb,
network_id=self.network_id,
inbound=True,
)
if self.peer_pool.is_full:
peer.disconnect(DisconnectReason.too_many_peers)
else:
# We use self.wait() here as a workaround for
# https://github.com/ethereum/py-evm/issues/670.
await self.wait(self.do_handshake(peer))
async def _receive_handshake(
self, reader: asyncio.StreamReader, writer: asyncio.StreamWriter) -> None:
msg = await self.wait_first(
reader.read(ENCRYPTED_AUTH_MSG_LEN),
timeout=REPLY_TIMEOUT)
ip, socket, *_ = writer.get_extra_info("peername")
remote_address = Address(ip, socket)
self.logger.debug("Receiving handshake from %s", remote_address)
try:
ephem_pubkey, initiator_nonce, initiator_pubkey = decode_authentication(
msg, self.privkey)
except DecryptionError:
# Try to decode as EIP8
msg_size = big_endian_to_int(msg[:2])
remaining_bytes = msg_size - ENCRYPTED_AUTH_MSG_LEN + 2
msg += await self.wait_first(
reader.read(remaining_bytes),
timeout=REPLY_TIMEOUT)
try:
ephem_pubkey, initiator_nonce, initiator_pubkey = decode_authentication(
msg, self.privkey)
except DecryptionError as e:
self.logger.debug("Failed to decrypt handshake: %s", e)
return
# Create `HandshakeResponder(remote: kademlia.Node, privkey: datatypes.PrivateKey)` instance
initiator_remote = Node(initiator_pubkey, remote_address)
responder = HandshakeResponder(initiator_remote, self.privkey, self.cancel_token)
# Call `HandshakeResponder.create_auth_ack_message(nonce: bytes)` to create the reply
responder_nonce = secrets.token_bytes(HASH_LEN)
auth_ack_msg = responder.create_auth_ack_message(nonce=responder_nonce)
auth_ack_ciphertext = responder.encrypt_auth_ack_message(auth_ack_msg)
# Use the `writer` to send the reply to the remote
writer.write(auth_ack_ciphertext)
await writer.drain()
# Call `HandshakeResponder.derive_shared_secrets()` and use return values to create `Peer`
aes_secret, mac_secret, egress_mac, ingress_mac = responder.derive_secrets(
initiator_nonce=initiator_nonce,
responder_nonce=responder_nonce,
remote_ephemeral_pubkey=ephem_pubkey,
auth_init_ciphertext=msg,
auth_ack_ciphertext=auth_ack_ciphertext
)
# Create and register peer in peer_pool
peer = self.peer_class(
remote=initiator_remote,
privkey=self.privkey,
reader=reader,
writer=writer,
aes_secret=aes_secret,
mac_secret=mac_secret,
egress_mac=egress_mac,
ingress_mac=ingress_mac,
headerdb=self.headerdb,
network_id=self.network_id,
inbound=True,
)
await self.do_handshake(peer)
async def _receive_handshake(
self, reader: asyncio.StreamReader, writer: asyncio.StreamWriter) -> None:
msg = await self.wait(
reader.read(ENCRYPTED_AUTH_MSG_LEN),
timeout=REPLY_TIMEOUT)
peername = writer.get_extra_info("peername")
if peername is None:
socket = writer.get_extra_info("socket")
sockname = writer.get_extra_info("sockname")
raise HandshakeFailure(
"Received incoming connection with no remote information:"
f"socket={repr(socket)} sockname={sockname}"
)
ip, socket, *_ = peername
remote_address = Address(ip, socket)
self.logger.debug("Receiving handshake from %s", remote_address)
try:
ephem_pubkey, initiator_nonce, initiator_pubkey = decode_authentication(
msg, self.privkey)
except DecryptionError as non_eip8_err:
# Try to decode as EIP8
got_eip8 = True
msg_size = big_endian_to_int(msg[:2])
remaining_bytes = msg_size - ENCRYPTED_AUTH_MSG_LEN + 2
msg += await self.wait(
reader.read(remaining_bytes),
timeout=REPLY_TIMEOUT)
try:
ephem_pubkey, initiator_nonce, initiator_pubkey = decode_authentication(
msg, self.privkey)
except DecryptionError as eip8_err:
raise HandshakeFailure(
f"Failed to decrypt both EIP8 handshake: {eip8_err} and "
f"non-EIP8 handshake: {non_eip8_err}"
)
else:
got_eip8 = False
initiator_remote = Node(initiator_pubkey, remote_address)
responder = HandshakeResponder(initiator_remote, self.privkey, got_eip8, self.cancel_token)
responder_nonce = secrets.token_bytes(HASH_LEN)
auth_ack_msg = responder.create_auth_ack_message(responder_nonce)
auth_ack_ciphertext = responder.encrypt_auth_ack_message(auth_ack_msg)
# Use the `writer` to send the reply to the remote
writer.write(auth_ack_ciphertext)
await self.wait(writer.drain())
# Call `HandshakeResponder.derive_shared_secrets()` and use return values to create `Peer`
aes_secret, mac_secret, egress_mac, ingress_mac = responder.derive_secrets(
initiator_nonce=initiator_nonce,
responder_nonce=responder_nonce,
remote_ephemeral_pubkey=ephem_pubkey,
auth_init_ciphertext=msg,
auth_ack_ciphertext=auth_ack_ciphertext
)
transport = Transport(
remote=initiator_remote,
private_key=self.privkey,
reader=reader,
writer=writer,
aes_secret=aes_secret,
mac_secret=mac_secret,
egress_mac=egress_mac,
ingress_mac=ingress_mac,
)
# Create and register peer in peer_pool
peer = self.peer_pool.get_peer_factory().create_peer(
transport=transport,
inbound=True,
)
if self.peer_pool.is_full:
await peer.disconnect(DisconnectReason.too_many_peers)
return
elif not self.peer_pool.is_valid_connection_candidate(peer.remote):
await peer.disconnect(DisconnectReason.useless_peer)
return
total_peers = len(self.peer_pool)
inbound_peer_count = len([
peer
for peer
in self.peer_pool.connected_nodes.values()
if peer.inbound
])
if total_peers > 1 and inbound_peer_count / total_peers > DIAL_IN_OUT_RATIO:
# make sure to have at least 1/4 outbound connections
await peer.disconnect(DisconnectReason.too_many_peers)
else:
# We use self.wait() here as a workaround for
# https://github.com/ethereum/py-evm/issues/670.
await self.wait(self.do_handshake(peer))